aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/admin.js3
-rw-r--r--server/middlewares/validators/videos.js30
2 files changed, 16 insertions, 17 deletions
diff --git a/server/middlewares/admin.js b/server/middlewares/admin.js
index e6d9dc887..3288f4c6b 100644
--- a/server/middlewares/admin.js
+++ b/server/middlewares/admin.js
@@ -1,6 +1,5 @@
1'use strict' 1'use strict'
2 2
3const constants = require('../initializers/constants')
4const logger = require('../helpers/logger') 3const logger = require('../helpers/logger')
5 4
6const adminMiddleware = { 5const adminMiddleware = {
@@ -9,7 +8,7 @@ const adminMiddleware = {
9 8
10function ensureIsAdmin (req, res, next) { 9function ensureIsAdmin (req, res, next) {
11 const user = res.locals.oauth.token.user 10 const user = res.locals.oauth.token.user
12 if (user.role !== constants.USER_ROLES.ADMIN) { 11 if (user.isAdmin() === false) {
13 logger.info('A non admin user is trying to access to an admin content.') 12 logger.info('A non admin user is trying to access to an admin content.')
14 return res.sendStatus(403) 13 return res.sendStatus(403)
15 } 14 }
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 86a7e39ae..f18ca1597 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -137,6 +137,18 @@ function videoRate (req, res, next) {
137 }) 137 })
138} 138}
139 139
140function videosBlacklist (req, res, next) {
141 req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
142
143 logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
144
145 checkErrors(req, res, function () {
146 checkVideoExists(req.params.id, res, function () {
147 checkVideoIsBlacklistable(req, res, next)
148 })
149 })
150}
151
140// --------------------------------------------------------------------------- 152// ---------------------------------------------------------------------------
141 153
142module.exports = validatorsVideos 154module.exports = validatorsVideos
@@ -166,8 +178,8 @@ function checkUserCanDeleteVideo (userId, res, callback) {
166 } 178 }
167 179
168 // Check if the user can delete the video 180 // Check if the user can delete the video
169 // The user can delete it if s/he an admin 181 // The user can delete it if s/he is an admin
170 // Or if s/he is the video's author 182 // Or if s/he is the video's author
171 if (user.isAdmin() === false) { 183 if (user.isAdmin() === false) {
172 if (res.locals.video.isOwned() === false) { 184 if (res.locals.video.isOwned() === false) {
173 return res.status(403).send('Cannot remove video of another pod') 185 return res.status(403).send('Cannot remove video of another pod')
@@ -185,20 +197,8 @@ function checkUserCanDeleteVideo (userId, res, callback) {
185 197
186function checkVideoIsBlacklistable (req, res, callback) { 198function checkVideoIsBlacklistable (req, res, callback) {
187 if (res.locals.video.isOwned() === true) { 199 if (res.locals.video.isOwned() === true) {
188 return res.status(403).send('Cannot blacklist a local video') 200 return res.status(403).send('Cannot blacklist a local video')
189 } 201 }
190 202
191 callback() 203 callback()
192} 204}
193
194function videosBlacklist (req, res, next) {
195 req.checkParams('id', 'Should have a valid id').notEmpty().isUUID(4)
196
197 logger.debug('Checking videosBlacklist parameters', { parameters: req.params })
198
199 checkErrors(req, res, function () {
200 checkVideoExists(req.params.id, res, function() {
201 checkVideoIsBlacklistable(req, res, next)
202 })
203 })
204}